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DETAILED ACTION 
Making Final/New Grounds 

1. Amendment received on 12/1 1/2006 has been entered into record. Claims 17-25 are 
amended. Claims 1-25 are currently pending. 

2. Claims 1,10 and 17 were previously (04/1 1/2005) amended. 

Priority 

3. This application has no priority claim made. The filing date is 08/24/2001. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 

Claims 1-25 rejected under 35 U.S.C. 103(a) as being unpatentable over Shandony (US 
6675261 B2), hereinafter referred as Shandony, and further in view of Mangat et al. (US 
6049799 A), hereinafter referred as Mangat. 

a. Shandony shows (claim 1) a method comprising: populating a directory with entries 
for each of a pluraHty of users of a multi-user computing environment, wherein each 
entry in the directory comprises a user ID and one or more group names, wherein 
each of the one or more group names corresponds to a group to which the user ID 
belongs, and wherein at least one of the entries in the directory comprises a first 
group name of the one or more group names (Fig. 1, 5, 7-12; Empl, Org A, Org B, 
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Org C, Org D, Uid, Create Group, My Groups, entity, domain; column 7, line 64- 
column 8, line 12: Group Manager 44 allows entities to create, delete and manage 
groups of users who need identical access privileges to a specific resource or set of 
resources. Managing and controlling privileges for a group of related people); 
determining a first group access control list for the first group name, wherein the first 
group access control list comprises the user IDs of users whose directory entries 
comprise the first group name (column 7, lines 64-column 8, 29: access privileges for 
a group of users on resources); for each data source in the multi-user computing 
environment which permits access by the first group name, granting access to the 
respective data source to the users in the first group access control list (Fig. 7-12; 
column 7, line 64-column 8, line 12: Group Manager 44 allows entities to create, 
delete and manage groups of users who need identical access privileges to a specific 
resource or set of resources. Managing and controlling privileges for a group of 
related people). Shandony does not show explicitly (claim 1) wherein the first group 
access control list is stored outside of the directory, 
b. Mangat shows (claim 1) wherein the first group access control Hst is stored outside of 
the directory (Fig. 4 and 5, column 2, lines 14-28: new type of directory services 
object that may be used to provide document management of documents accessed by 
users, groups of users; column 12, line 23-33: user object and group object are 
separate: column 15, line 10-43: user object; column 16, line 13-21: group object; 
user object and group object are quite different in their functions) in an analogous art 
for the purpose of document link management using directory services. 
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c. It would have been obvious to a person of ordinary skill in the art at the time of the 
invention was made to modify Shandony's functions of request based caching of data 
store data with Mangat's function of document link management. 

d. The modification would have been obvious because one of ordinary skill in the art 
would have been motivated to have group access functions different from user access 
functions per Mangat and Shandony's teaching. 

e. Regarding claim 2, Shandony shows wherein each entry in the directory comprises a 
user password; and wherein the method further comprises authenticating each user ID 
using the associated user password (column 9, lines 10-43). 

f Regarding claim 3, Shandony shows wherein each entry in the directory comprises 
zero, one, or a plurality of hostnames (Fig. 1 and 3); wherein the directory comprises 
a first hostname; and wherein the method further comprises: for each data source in 
the multi-user computing environment which permits access by the first hostname, 
granting access to the data source to the one or more users whose directory entries 
comprise the first hostname and who are seeking access fi'om the host having the first 
hostname (Fig. 1, 5 and 69; column 6, lines 52-57: The Access System includes 
Access Server 34, Web Gate 28, and Directory Server 36. Access Server 34 provides 
authentication, authorization, auditing logging services. It further provides for identity 
profiles to be used across multiple domains and Web Servers from a single webbased 
authentication (sign-on); colunm 71, line 47-column 72, line 12: checking POST from 
Web Gate for access verification). 
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g. Regarding claim 4, Shandony shows wherein the data source comprises a file or a 
directory in a file system coupled to the multi-user computing environment (Fig. 1, 3 
and 8-15). 

h. Regarding claim 5; Shandony shows wherein the access comprises read access; and 
wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control list to read 
the data source (column 13, lines 25-27). 

i. Regarding claim 6, Shandony shows wherein the access comprises write access; and 
wherein the granting access to the data source to the users in the first group access 
control list comprises permitting the users in the first group access control list to write 
to the data source (column 13, lines 27r33). 

j. Regarding claim 7, Shandony shows wherein the access comprises execute access; 
and wherein the granting access to the data source to the users in the first group 
access control list comprises permitting the users in the first group access control list 
to execute the data source (column 13, lines 40-53). 

k. Regarding claim 8, Shandony shows for each data source in the multi-user computing 
environment which permits access by the first group name and owner but denies 
access to others, denying access to the data source to users who are not in the first 
group access control list and who are not the owner of the data source (column 7, 
lines 54-column 8, line 11; column 71, line 47-column 72, line 12: checking POST 
from Web Gate for access verification). 
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1. Regarding claim 9, Shandony shows wherein the multi-user computing environment 

comprises a UNIX based operating system (column 11, lines 5-6). 
m. Claim 10-16 is of the same scope as claims 1-7 and 9. These are rejected for the same 

reasons as for claims 1-7 and 9. 
n. Claims 17-25 are of the same scope as claims 1-9. These are rejected for the same 
reasons as for claims 1-9. 
Together Shandony and Mangat disclosed all limitations of claims 1-25. Claims 1-25 are 
rejected under 35 U.S.C. 103(a). 
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Response to Arguments 

5. Applicant's arguments filed on 12/1 1/2006 have been fully considered, but they are not 
persuasive. 

" a. Applicant alleged that Mangat does not teach or suggest an access control list stored 
outside of the directory. Applicant asserted that Mangat stores a membership, 
association lists and access rights within a directory server. Applicant has alleged a 
similar argument in Appear Brief Filed dated 10/26/2005 and 5/30/2006. Examiner 
has responded to the argument in office actions dated 01/27/2006 and 09/08/2006. 
Thus item b of section 8 in the previous office action dated 09/08/2006 should be 
applicable to applicant's current argument. As examiner has further reviewed the 
previous office action dated 06/24/2005, particularly 1^^ paragraph on page 3, and the 
applied prior art, Shandony has shown (column 7, lines 64-column 8, line 29) the 
alleged limitation above. Examiner has further noticed that Shandony has shown a 
separate access server and directory server in Fig. 1 . 

b. Applicant has further argued that Shandony does not teach or suggest "granting 
access to the data source tot the one or more users whose directory entries comprise 
the first hostname and who are seeking access form the host having the first hostname 
are recited in claim 3 without detail allegation. Examiner has reviewed the alleged 
limitation in claim 3 and the recited references from Shandony. Examiner feels the 
recited Shandony references does cover the alleged limitation of claim 3. 

c. It is the Examiner's position that Applicant has not submitted claims drawn to 
limitations, which define the operation and apparatus of Applicant's disclosed 
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invention in manner, which distinguishes over the prior art. As it is Applicant's right 
to claim as broadly as possible their invention, it is also the Examiner's right to 
interpret the claim language as broadly as possible. It is the Examiner's position that 
the detailed functionality that allows for Applicant's invention to overcome the prior 
art used in the rejection, fails to differentiate in detail how these features are unique 
(see item a in section 4). Shandony and Mangat has shown the. general art of group 
based access control functions. It is clear that Applicant must be able to submit claim 
language to distinguish over the prior arts used in the above rejection sections that 
discloses distinctive features of Applicant's claimed invention. It is suggested that 
Applicant compare the original specification and claim language with the cited prior 
art used in the rejection section above to draw an amended claim set to further the 
prosecution. 

d. Failure for Applicant to narrow the definition/scope of the claims and supply 

arguments commensurate in scope with the claims implies the Applicant's intent to 
broaden claimed invention. Examiner interprets the claim language in a scope 
parallel to the Applicant in the response. Examiner reiterates the need for the 
Applicant to more clearly and distinctly define the claimed invention. 
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Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action is not mailed until after the end 
of the THREE-MONTH shortened statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 
1 . 1 36(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

7. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. Refer to the enclosed PTO-892 for details. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peling A. Shaw whose telephone number is (571) 272-7968. The 
examiner can normally be reached on M-F 8:00 - 4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William C. Vaughn can be reached on (571) 272-3922. The fax phone number for 
the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the statu9s of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
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applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). ' 
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